授予下载的powershell脚本从C#应用程序运行的权限?

ax6ht2ek  于 2023-10-18  发布在  Shell
关注(0)|答案(2)|浏览(144)

我只是遇到了这个,经历了一吨的SO问题,仍然看不到解决方案。
所以,我有一个C#应用程序(“ClickOnce”)。C#应用程序运行此MyScript.ps1 PowerShell脚本,并且在开发计算机上一切正常。
然后,我在另一台计算机上尝试-安装C#应用程序,然后下载一个zip,解压缩它,它有powershell脚本MyScript.ps1;我将C#应用程序设置为使用MyScript.ps1的本地路径,然后运行它。这是我在应用程序中得到的:

check_script err:File C:\Users\User\Desktop\MyFolder\MyScript.ps1 cannot be loaded because 
running scripts is disabled on this system. For more information, see about_Execution_Policies at 
https:/go.microsoft.com/fwlink/?LinkID=135170.
    + CategoryInfo          : SecurityError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnauthorizedAccess

然后,我在ps1 cannot be loaded because running scripts is disabled on this system的管理员PowerShell中尝试:

PS C:\WINDOWS\system32> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
PS C:\WINDOWS\system32> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
PS C:\WINDOWS\system32> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
you to the security risks described in the about_Execution_Policies help topic at
https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y

这些都不能帮助脚本从C#应用程序运行。
在以前的尝试中(不幸的是我没有记录),我让脚本以其他方式运行(例如,如果你调用powershell .\MyScript.ps1,它会在没有任何提示的情况下工作-我想这是用Unblock a file with PowerShell?);另外,如果你在dir /r中运行dir /r(不是在powershell中,该命令在那里失败),我可以看到例如。

C:\>dir /r .
 Volume in drive C is Windows
...
 Directory of C:\Users\User\Desktop\MyFolder\

12/09/2023  14.16    <DIR>          .
12/09/2023  14.16    <DIR>          ..
12/09/2023  14.13             4.605 MyScript.ps1
12/09/2023  14.14    <DIR>          subdir01
...
12/09/2023  14.13            60.356 libwinpthread-1.dll
                                 98 libwinpthread-1.dll:Zone.Identifier:$DATA
...
12/09/2023  14.13             5.131 MYBATCH.bat
                                 98 MYBATCH.bat:Zone.Identifier:$DATA

所以,Zone.Identifier* 在MyScript.ps1上消失了-这可能是为什么脚本现在从MyScript.exe运行(或者双击-无法分辨,它结束得太快),但这仍然不适用于C#。
我还能做什么,给予这个脚本权限,让它从普通用户启动的C#应用程序中运行?

h22fl7wq

h22fl7wq1#

  • 如果您可以在执行C#应用程序之前 * 在给定机器上 * 持续 * 设置execution policy**,则可以执行以下操作(除非策略通过 * GPO *(组策略对象)控制,但请注意,选择Unrestricted将 * 提示同意 * 执行从Web下载的脚本,而通常使用的RemoteSigned策略更安全地 * 拒绝执行 *。
  • 从一个 * 提升的 * 会话(以管理员身份运行),您可以使用-Scope AllUsers为 * 所有 * 用户设置策略:
#requires -RunAsAdministrator
Set-ExecutionPolicy -Scope AllUsers -Force Unrestricted
  • 在非提升会话中,您只能为 * 当前 * 用户设置策略:
Set-ExecutionPolicy -Scope CurrentUser -Force Unrestricted
  • 一个更简单的解决方案是 * 临时 * 更改仅用于C#应用程序进程 * 的执行策略 *,通过PowerShell SDK使用初始会话状态的适当配置。
  • 详情请参见this answer
5lhxktic

5lhxktic2#

好的,我想我明白了:如果您在管理PowerShell中运行Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted,它会为“当前用户”进行设置,在本例中是Administrator -而不是当前用户!
所以我打开了一个 normal cmd exe(也就是说,作为这台PC上的普通用户),然后:

C:\Users\User>cd C:\Users\User\AppData\Local\Apps\2.0\...
C:\Users\User\AppData\Local\Apps\2.0\...>powershell
Windows PowerShell
...
PS C:\Users\User\AppData\Local\Apps\2.0\...> Get-ExecutionPolicy -Scope CurrentUser
Undefined
PS C:\Users\User\AppData\Local\Apps\2.0\...> Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
PS C:\Users\User\AppData\Local\Apps\2.0\...> exit
C:\Users\User\AppData\Local\Apps\2.0\...>my_csharp_program.exe

我对C#程序安装的目录做了cd,不确定是否有必要,但可以看到“CurrentUser”有一个未定义的ExecutionPolicy,在将其设置为Unrestricted后,退出PowerShell,并直接从Xbox.exe运行.exe最终工作(对我来说)。

相关问题